Tag Archive for: sets

Mayorkas Sets Out Steps to Elevate Cybersecurity – Homeland Security Today

/in


Secretary Alejandro N. Mayorkas has today announced the many ways the Department of Homeland Security (DHS) will carry out President Biden’s vision to elevate cybersecurity across the government. DHS will lead efforts to mitigate risks to the United States, further strengthen its partnerships with the private sector, and expand its investment in the infrastructure and people required to defend against malicious cyber attacks as part of a whole-of-government effort.

 “Cybersecurity is more important than ever, and we will build on the Department’s excellent work as we transform our whole-of-government approach to tackle the challenge we face as a nation,” said Secretary Mayorkas.  “This week is just the beginning of a series of actions DHS will pursue nationally and internationally to improve cybersecurity at all levels.”

DHS plays a key role in protecting the American people from threats in cyberspace.  The Department’s Cybersecurity and Infrastructure Security Agency (CISA) is charged with securing Federal civilian government networks and our nation’s critical infrastructure from physical and cyber threats. Congress, in the recent National Defense Authorization Act (NDAA), further empowered CISA to execute this mission, including by providing authorities for CISA to “hunt” for cyber threats in federal agency networks and to more effectively identify vulnerable technologies used by critical infrastructure sectors. Over the past months, CISA has honed its capabilities and furthered the Department’s effort to advance national cybersecurity by:

  • Leading the national effort to secure the 2020 election, including by sharing timely cybersecurity information with state and local election officials;
  • Driving urgent remediation of risks posed by the exploitation of commonly used network management software and providing incident response assistance to compromised entities;
  • Collaborating with government and private sector partners to disrupt and help protect against malicious activity perpetrated by North Korean actors against financial institutions, including the distribution of technical alerts to help network defenders protect against these threats;
  • Issuing a…

Source…

Rakuten exposes 1.48 million sets of data to access from outside

/in


Japanese online shopping mall operator Rakuten Inc. said Friday that a computer security problem at the group exposed 1,486,291 sets of personal and corporate information to access from the outside.

Of the affected data, managed by Rakuten, credit card subsidiary Rakuten Card Co. and e-money business Rakuten Edy Inc., at least 614 sets were accessed from abroad.

The incident pccurred because the Rakuten group failed to notice or deal with a change in the security settings of an external sales management system the group uses.

The change, which occurred as part of a system update Jan. 15, 2016, left the data accessible from the outside. The group recognized the security hole Nov. 24 this year after being warned by an external expert.

The group completed a necessary setting change by Nov. 26. Since then, no access by a third party has been confirmed, Rakuten said.

At Rakuten Card, the exposed information included the names of corporate representatives and sole proprietors who applied for business loans, amounts of outstanding loans, use of borrowed funds and data from the drivers’ licenses of guarantors.

Among other affected information were data on companies and employees that requested documents to open stores at the Rakuten cybermall and the names and telephone numbers of individuals who asked for transfers of Edy e-money when their smartphones failed.

Rakuten apologized for causing concern and problems to customers and promised to compensate for any damage stemming from misuse of exposed personal information.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.

SUBSCRIBE NOW

Source…

SolarWinds hack sets experts scrambling | Western Advocate

/in


news, world

Suspected Russian hackers who broke into US government agencies also spied on less high-profile organisations, including groups in Britain, a US internet provider and a county government in Arizona, according to web records and a security source. More details were revealed on Friday of the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage. US Secretary of State Mike Pompeo told a radio show the intrusion appeared to come from Russia. “I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he told the Mark Levin show. Networking gear maker Cisco Systems said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company’s ongoing probe said fewer than 50 were compromised. In Britain, a small number of organisations were compromised and not in the public sector, a security source said. Shares in cyber security companies FireEye, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology. Reuters identified Cox Communications and Pima County, Arizona, government as victims of the intrusion. The hack hijacked ubiquitous network management software made by SolarWinds Corp. The breaches of US government agencies, first revealed by Reuters on Sunday, hit the Department of Homeland Security, the Treasury Department, State Department and Department of Energy. In some cases the breaches involved monitoring emails but it was unclear what hackers did while infiltrating networks, cybersecurity experts said. Trump has not said anything publicly about the intrusion. He was being briefed “as needed”, White House spokesman Brian Morgenstern told reporters. National security adviser Robert O’Brien was leading interagency meetings daily, if not more often, he said. No determinations have been made on how to respond or who was responsible, a senior US official said. SolarWinds, which disclosed its unwitting role at the centre of the global hack…

Source…

Hackers’ broad attack sets cyber experts worldwide scrambling to defend networks

/in

(Reuters) -Suspected Russian hackers who broke into U.S. government agencies also spied on less high-profile organizations, including groups in Britain, a U.S. internet provider and a county government in Arizona, according to web records and a security source.

More details were revealed on Friday of the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage as a senior official in the outgoing administration of U.S. President Donald Trump explicitly acknowledged Russia’s role in the hack for the first time.

Secretary of State Mike Pompeo said on the Mark Levin radio show “I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”

Networking gear maker Cisco Systems Inc said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company’s ongoing probe said fewer than 50 were compromised.

In Britain, a small number of organizations were compromised and not in the public sector, a security source said.

Shares in cyber security companies FireEye Inc, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology.

Reuters identified Cox Communications Inc and Pima County, Arizona government as victims of the intrusion by running a publicly available coding script here from researchers at Moscow-based private cybersecurity firm Kaspersky. The hack hijacked ubiquitous network management software made by SolarWinds Corp. Kaspersky decrypted online web records left behind by the attackers.

The breaches of U.S. government agencies, first revealed by Reuters on Sunday, hit the Department of Homeland Security, the Treasury Department, State Department and Department of Energy. In some cases the breaches involved monitoring emails but it was unclear what hackers did while infiltrating networks, cybersecurity experts said.

 

Source…